Critical security holes affect almost every product the company makes

Cisco Systems Inc. warned its customers about two critical security holes that affect almost every product the company makes. The vulnerabilities could be used by malicious hackers to create so-called "denial of service" (DoS) attacks, causing Cisco products to abruptly restart or drop active connections with other devices.

Cisco issued advisories on Tuesday, revealing the impact on the company's products of a security hole in the Transmission Control Protocol (TCP) and another serious vulnerability in company's Internetwork Operating System (IOS) that affects the Simple Network Management Protocol (SNMP). The advisories are just the latest in a string of security warnings from the San Jose, California, networking equipment maker.

Following warnings yesterday from the U.K.'s National Infrastructure Security Co-Ordination Centre (NISCC) and the US Computer Emergency Readiness Team (US-CERT), Cisco issued two advisories regarding a security vulnerability in the standard implementation of TCP.

Cisco is just one of a large number of software and hardware makers that are affected by the TCP hole.

The TCP hole is found in all implementations of TCP that comply with the Internet Engineering Task Force's TCP specification. By exploiting the holes, malicious hackers could cause TCP sessions to end prematurely, creating a DoS attack. The TCP vulnerability could also disrupt communications among Internet routers by interrupting BGP (Border Gateway Protocol) sessions that use TCP, NISCC said Tuesday.

In one advisory, Cisco published software updates for more than 47 of the company's products that contain the TCP vulnerability but do not use the IOS operating system. (See: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.)

Cisco issued a separate advisory listing updates for scores of versions of the IOS operating system that are also affected by the TCP hole and provided workaround instructions for customers who are unable to update their operating system. (See: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml .)

In a third advisory, Cisco said that it patched a flaw in the way certain versions of IOS process SNMP traffic. The software vulnerability, which was introduced by a coding error to fix an earlier IOS problem, could cause memory on the Cisco devices running IOS to be corrupted, forcing the affected device to restart unexpectedly, Cisco said. (See: http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml)

The company said it fixed the SNMP problem and published information on updating IOS with new versions of the operating system.

US-CERT also issued a warning about the Cisco SNMP hole and advised Cisco customers to upgrade their devices that use affected versions of IOS. (See: http://www.us-cert.gov/cas/techalerts/TA04-111B.html.)

The warnings are just the latest from Cisco, which has disclosed a number of serious vulnerabilities in recent weeks, including a hole in Cisco VPN (virtual private network) hardware and software and in two products used to manage wireless LANs and e-business services in corporate data centers.